Your Freedom - HOMENEWSDOWNLOADSACCOUNTDOCS & FAQFORUMS

      User Guide
      Video tutorial
      Support
      FAQ
      Working Applications
      Install
      Using DNS mode
      Using ECHO mode
      Using PPTP
         Windows
         Android
      Using SOCKS5
      IPv6/Teredo
      Browsers
      Instant Messaging
      Filesharing/Downloading
      Games
      Internet Mail
      Multimedia Apps
      Forex trading
      FTP Tools
      Proxy Helpers
      OpenVPN mode
      Mobile connections
      Connection sharing
      External Information
      Mirrors
      Country information
      Payment methods
      Account disabled
  

What is PPTP? And why would I want to use it?

The normal way to use our service is through the Your Freedom client software. It will let you do things that you normally cannot do with VPN software. But there are times (and places) where you only need to ensure you get connected without someone spying on you, or you only need to appear to be elsewhere and not where you really are. If this sounds like you, read on.

The Your Freedom connectivity servers are now able to accept PPTP VPN connections too. PPTP is a VPN tunnel protocol developed by Microsoft and some more companies not renowned for designing good protocols; in fact, PPTP is pretty much broken by design in many aspects. However, it does have one advantage: nearly every PC, nearly every smartphone speaks PPTP without any additional software. Contrary to well-designed protocols like OpenVPN, PPTP uses a combination of TCP for the control connection and GRE encapsulated PPP frames for the data transport. That by itself is not too bad. But if you consider that you need to use MSCHAPv2 and MPPE-128 for authentication and encryption if you want at least some bit of protection, and that each of these two are again completely broken by design, this is where the mess starts. But you don't have to worry about the dirty details, we have done that for you.

Nevertheless, it's "the" standard and it is very widespread, plus it is relatively secure when used properly. And it gets the job done.

When would you want to use PPTP? Here are some examples:

  • When connected to a public wireless hot spot without encryption, using PPTP will ensure that no-one can see what you are doing.
  • If you live in country A and you would like to make it look to some Internet service like you actually live in country B (great if you want to watch TV broadcasts not available for your country!).
  • If you are in a censoring environment but the censoring is only very subtle -- some things just don't work and it always looks like technical faults.
  • If your provider is throttling a service you'd like to use, using PPTP might make things work properly (for example: YouTube is slow in some places because the local provider wants it to be slow).

Of course, the YF client will help you in all these situations as well. A Swiss army knife will let you turn screws too, but a screwdriver might be the better tool at times, even though you cannot cut anything with it. Should the screwdriver turn out not to be powerful enough, you can always resort to your trusted Swiss army knife.

 

How can I use PPTP?

That depends on your system. Please check out the links on the left hand side, they will tell you how to set up PPTP on your platform. If yours isn't on the list, don't despair -- you'll probably figure out how to use PPTP if you just google for it.

The YF PPTP enabled servers require that you use MSCHAPv2 for authentication and MPPE-128 for encryption. On most systems, this is the default setting. PPP (the framing protocol inside PPTP) will negotiate these options, and unless your system explicitly denies using these settings, they will be used automatically. All you have to supply is your username and your password -- the same credentials you'd use with the YF client and our web page --, and a suitable YF server.

Given that most people will probably just need a server in a specific country, not a specific server, your easiest option is to use one of these:

  • de.pptp.your-freedom.net (or .de)
  • uk.pptp.your-freedom.net (or .de)
  • us.pptp.your-freedom.net (or .de)
  • se.pptp.your-freedom.net (or .de)
  • ch.pptp.your-freedom.net (or .de)

As you probably have already guessed, "de", "uk", "us", "se" and "ch" refer to the country where the server is located.

If you want finer control over what server you are using, you may of course use emsXX.your-freedom.de (XX in the range of 01 to 32) too. Or configure a server IP address if you know one.

Please note that if you are configuring PPTP on an iPhone or iPad, you may have to use explicit server names instead of the country names above, because iThings seemingly don't deal well with names that resolve to multiple IPs of different servers. In this case, use emsXX.your-freedom.de instead, and replace XX by 01 or 16 for the US, 03-06 for Germany, 12, 19, 23 for the UK, 13 for Sweden, or 11/28 for Switzerland.

So, what kind of service will you get?

FreeFreedom, BasicFreedom, EnhancedFreedom or TotalFreedom, of course. :-) You get the same bandwidth that you'd get with the YF client, and you get the same usage time. The FreeFreedom restrictions apply to PPTP too. When you upgrade your account on the web page (using time-based upgrades or vouchers), it will have effect for the YF client based connection as well as the PPTP based connection. Of course, you can only log in once using one account -- either YF client or PPTP, not both at the same time. If you log in a second time, the previous connection is cut.

You'll access the Internet via a shared IP address. Inbound connections (i.e. from the Internet to your PC) are currently not supported. Others sell this as a protection feature to you, we tell you the truth: it's a limitation. Most people don't need it anyway.

Btw. we compensate for PPTP's protocol overhead. You get the full bandwidth you pay for (if your connection does not limit it, of course).

 

Will PPTP replace the YF client?

Heck, no! Both have their specific uses.

 

What is safer, YF client or PPTP?

Current YF clients use stronger encryption and protect your privacy better than PPTP. Still, PPTP is about as strong as using HTTPS to access many web servers. It uses RC4 with a 128 bit master key and generates session keys every so often. Not exactly state-of-the-art, to say the least. Its biggest weakness is that it relies on a sufficiently strong password.

You might have read about attacks against MSCHAPv2. This is not exactly news. MSCHAPv2 and MPPE both rely on the secrecy of an MD4 hash of your password. If someone is able to obtain this MD4 hash he cannot only impersonate you but also decrypt recorded data. The big problem here is that Microsoft has not "salted" the hash, and this means that pre-computed dictionaries can be used for brute-force attacks on recorded MSCHAPv2 authentication packets. Our advice is: use a very strong password. If you do, PPTP using MSCHAPv2 and MPPE is relatively secure. If you are really concerned, don't use PPTP.

 

 

 
   Acceptable Use